
Can't SSH anymore to Firepower device onto the management interface

MXUser
Level 1

Hi

I have an FMC-managed 1140 device on FTD 7.2.4. As of this morning I was able to SSH to it on the management interface; now I am not able to SSH. I also added a policy to try to SSH via the other interfaces, but without luck. This is what I get:

kex_exchange_identification: Connection closed by remote host

There is a script running in the background to fix a S2S session reestablishing every hour, and it uses SSH to that management interface. It stopped working this morning. The script does close the SSH session/connection, so cleanup is done.

Questions:
- How to troubleshoot SSH connections? I have serial console access.
- How to see if the SSH daemon is running, or has probably crashed if session resources are not properly released? A possibility.

Thanks


Accepted Solutions

There is a monitoring daemon that watches the sshd listener. It is supposed to restart the listener if it finds it to not be listening.

 

> expert
admin@ftdv-1:~$ sudo su -
Password: 
root@ftdv-1:~# ps -ef | grep ssh
root      3574  3531  0 Jul24 ?        00:01:19 /bin/sh /etc/init.d/sshd monitor
root     24401     1  0 Jul24 ?        00:00:00 sshd: /usr/sbin/sshd [listener] 0 of 100-100 startups
root     28638 24401  0 17:17 ?        00:00:00 sshd: admin [priv]
admin    28647 28638  0 17:17 ?        00:00:00 sshd: admin@pts/0
root     28804 28749  0 17:17 pts/0    00:00:00 grep --color=auto ssh
root@ftdv-1:~#

 

You can trigger it manually as follows:

 

/etc/init.d/ssh {start|stop|status|reload|force-reload|restart|monitor}
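
One way to check from the serial console whether the listener and the `/etc/init.d/sshd monitor` watchdog shown above are present, as an added example that is not part of the original thread or of Cisco's tooling. It reads the `N of A-B startups` field as OpenSSH defines it (unauthenticated connections in progress against the MaxStartups begin and full limits); the function name, state labels and the second sample are assumptions made for the example.

```shell
#!/bin/sh
# Added example: classify sshd health from `ps -ef` text on stdin.
# Output: "<state> monitor=<0|1> startups=<cur>/<full> sessions=<n>"
sshd_state() {
    awk '
        # Watchdog from the answer: "/bin/sh /etc/init.d/sshd monitor"
        /\/etc\/init\.d\/sshd monitor/ { monitor = 1 }
        # OpenSSH listener title: "[listener] CUR of BEGIN-FULL startups"
        /sshd: .*\[listener\]/ {
            listener = 1
            for (i = 1; i <= NF; i++) if ($i == "[listener]") {
                cur = $(i + 1)
                split($(i + 3), lim, "-")    # lim[1]=begin, lim[2]=full
            }
        }
        # Per-connection privileged child: "sshd: USER [priv]"
        /sshd: .*\[priv\]/ { sessions++ }
        END {
            if (!listener)                  state = "no-listener"
            else if (cur + 0 >= lim[2] + 0) state = "saturated"
            else                            state = "ok"
            printf "%s monitor=%d startups=%d/%d sessions=%d\n",
                   state, monitor, cur, lim[2], sessions
        }'
}

# Constructed sample: the process list shown in the answer above.
sample_healthy() {
    cat <<'EOF'
root      3574  3531  0 Jul24 ?        00:01:19 /bin/sh /etc/init.d/sshd monitor
root     24401     1  0 Jul24 ?        00:00:00 sshd: /usr/sbin/sshd [listener] 0 of 100-100 startups
root     28638 24401  0 17:17 ?        00:00:00 sshd: admin [priv]
admin    28647 28638  0 17:17 ?        00:00:00 sshd: admin@pts/0
root     28804 28749  0 17:17 pts/0    00:00:00 grep --color=auto ssh
EOF
}

# Constructed sample: listener at its startup limit, watchdog missing.
sample_saturated() {
    cat <<'EOF'
root     24401     1  0 Jul24 ?        00:00:00 sshd: /usr/sbin/sshd [listener] 100 of 100-100 startups
EOF
}

sample_healthy   | sshd_state
sample_saturated | sshd_state
# On the device (serial console, expert mode, root): ps -ef | sshd_state
```

A `saturated` result means the listener is alive but already holds as many unauthenticated connections as its full limit allows, which is a different condition from `no-listener` and is not cleared by waiting for the watchdog.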

 

 
